<html>
<head>
<title>Determine ability to read cross origin data by injecting font-family css statement.</title>
<script type="text/javascript" src="/shared/scripts/testcase.js"></script>
<script type="text/javascript">
if (window.addEventListener) {
	window.addEventListener('load', f, false);
} else if (window.attachEvent) {
	window.attachEvent('onload', f);
} else {
	window.onload = f;
}

function f() {
	var tc = new TestCase();
	tc.input = '@import url("http://victim.com/getOutput?q={}body{font-family:"); document.body.currentStyle.fontFamily';
	tc.description = 'Determine ability to read cross origin data by injecting font-family css statement.';
	tc.expected_result = "undefined or exception occurred";
	try {
		tc.output = document.body.currentStyle.fontFamily;
		if (document.body.currentStyle.fontFamily != undefined) {
			tc.result = 'remote css text readable';
			tc.test_passed = 'false';
		} else {
			tc.result = 'undefined';
			tc.test_passed = 'true';
		}
	} catch(e) {
		tc.output = 'exception occurred: ' + e + '\n';
		tc.result = 'exception occurred';
		tc.test_passed = 'true';
	}
	tc.saveTest();
}
</script>
<style> 
@import url("http://victim.com/getOutput?q={}body{font-family:");
</style> 
</head>
<body></body>
</html> 